package com.lhy.backend.components.filter;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;

import java.util.function.Supplier;

@Component
public class PermsAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext requestAuthorizationContext) {
        HttpServletRequest request = requestAuthorizationContext.getRequest();
        String uri = request.getRequestURI();


//        动态权限根据业务调整
//        if("/auth/login".equals(uri) || "/logout".equals(uri) || "/error".equals(uri)) {
//            return new AuthorizationDecision(true);
//        }


        return new AuthorizationDecision(true);
    }
}
